Bug 1127 - segmentation fault error when the busybox execute
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Marathon
: i586 Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
Depends on:
Blocks:
Reported: 2012-11-26 10:16 MSK by Vladimir Potapov
Modified: 2012-12-18 11:57 MSK (History)

See Also:
RPM Package: busybox-1.18.4-5-rosa.lts2012.0 busybox-static-1.18.4-5-rosa.lts2012.0
ISO-related:
Bad POT generating:
Upstream: known
vladimir.potapov: qa_verified+
alex.burmashev: published+


Attachments
testing script (718 bytes, application/zip)
2012-11-26 10:16 MSK, Vladimir Potapov

Description Vladimir Potapov 2012-11-26 10:16:45 MSK
Created attachment 835 [details]
testing script

Description of problem:
When I run the busybox, I see segmentation fault errors.
The busybox from mdv2011/main (not updates!) is working correctly.

Steps to Reproduce:
1. download the script from an attachment, unpack it, chmod +x test_busybox.sh
2. $./test_busybox.sh
3. see a lot of errors:

working with existing bin/busybox

Tests working with the system utilities /bin/*
----- Test 1        ------
----- End of test 1 ------
----- Test 2        ------
----- End of test 2 ------
----- Test 3        ------
----- End of test 3 ------
----- Test 4        ------
----- End of test 4 ------
----- Test 5        ------
----- End of test 5 ------
----- Test 6        ------
----- End of test 6 ------

Tests working with bin/busybox
----- Test 1        ------
Segmentation fault (core dumped)
----- End of test 1 ------
----- Test 2        ------
Segmentation fault (core dumped)
----- End of test 2 ------
----- Test 3        ------
Segmentation fault (core dumped)
----- End of test 3 ------
----- Test 4        ------
Segmentation fault (core dumped)
----- End of test 4 ------
----- Test 5        ------
./test_busybox.sh: line 29: 19680 Segmentation fault      (core dumped) $TESTTARGET -c 'echo test >/root/test_busybox 2>/dev/null' 2> /dev/null
----- End of test 5 ------
----- Test 6        ------
./test_busybox.sh: line 29: 19682 Segmentation fault      (core dumped) $TESTTARGET './test_busybox_sub2'
----- End of test 6 ------
Comment 1 Denis Silakov 2012-11-26 12:51:27 MSK
Interesting, it really faults inside my 32bit VM, but works fine on a real 64bit machine.
Comment 2 Eugene Shatokhin 2012-11-28 15:25:31 MSK
I have reproduced the problem too.

The tests crash with different backtraces but it looks like each time, there is at least something wrong with the exception handler the code tries to jump to (shell/ash.c:429).

I'll try to figure out what is going on there.
Comment 3 Eugene Shatokhin 2012-11-29 18:27:03 MSK
Looks like there is a problem with statically linked uClibc when threading is enabled, or with the build toolchain itself.

All 6 tests crash at the same location in _longjmp_unwind() function from uClibc (busybox uses setjmp/longjmp for a kind of exception handling).

The code of the function looks quite interesting:

-------------------
push   %ebp
mov    %esp,%ebp
mov    %ebp,0xc(%ebp)
pop    %ebp
jmp    0x0  // !!!
-------------------

So, it is that explicit jump to the address 0x0 that results in the segfault.

The appropriate portion of the code of the corresponding static library looks like this:

_longjmp_unwind(), uClibc-0.9.32/libpthread/nptl/sysdeps/unix/sysv/linux/jmp-unwind.c, 31-40:

   0:   55                      push   %ebp
   1:   89 e5                   mov    %esp,%ebp
   3:   89 6d 0c                mov    %ebp,0xc(%ebp)
   6:   5d                      pop    %ebp
   7:   e9 fc ff ff ff          jmp    8 <_longjmp_unwind+0x8>
                        8: R_386_PC32   __GI___pthread_cleanup_upto

Looks like a relocation for pthread_cleanup_upto() was not processed properly by the linker for some reason.

I will try to prepare a concise example demonstrating the problem and will report it to uClibc maintainers first.

Notes.

1. The variant of busybox that uses dynamically loaded uClibc libraries does not have this particular problem. At least, when I executed test_busybox.sh for that busybox, the tests completed without problems. I removed ./bin/busybox created by the previous execution of the test script first.

I have looked through the code of libc (dynamically loaded library this time). It seems the implementation of _longjmp_unwind() is different there and does not have that problem. Another branch of an #ifdef was used in _longjmp_unwind() there.

2. The problem also does not show up in the variant of busybox that uses statically linked glibc instead of uClibc, at least on my machine. The tests run fine.

3. There is a similar problem in busybox reported so far:
https://bugs.busybox.net/show_bug.cgi?id=4291
Unfortunately, there seems to be no activity around it.
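Worked example (added here; not part of the bug report or of uClibc) of the relocation arithmetic behind the two listings in comment 3. It treats the start of _longjmp_unwind() as address 0 and uses a constructed symbol address (0x08049000) for the "properly resolved" case; it shows why the object file prints "jmp 8 <_longjmp_unwind+0x8>" while a binary whose symbol value ended up as 0 prints "jmp 0x0".

```python
import struct

# Bytes of _longjmp_unwind exactly as listed in comment 3 (object file):
#   0: 55             push %ebp
#   1: 89 e5          mov  %esp,%ebp
#   3: 89 6d 0c       mov  %ebp,0xc(%ebp)
#   6: 5d             pop  %ebp
#   7: e9 fc ff ff ff jmp  rel32   <- the 4-byte field at offset 8 carries R_386_PC32
LONGJMP_UNWIND = bytes.fromhex("5589e5896d0c5de9fcffffff")
JMP_OFFSET = 7      # offset of the E9 opcode
RELOC_OFFSET = 8    # P: offset of the field the relocation patches

def jmp_rel32_target(code: bytes, jmp_off: int) -> int:
    """Effective target of a 5-byte E9 rel32 jump located at jmp_off (base address 0)."""
    if code[jmp_off] != 0xE9:
        raise ValueError("not a JMP rel32 at offset %d" % jmp_off)
    (disp,) = struct.unpack_from("<i", code, jmp_off + 1)
    return jmp_off + 5 + disp   # displacement is relative to the next instruction

def apply_r386_pc32(code: bytes, reloc_off: int, sym_value: int) -> bytes:
    """Apply R_386_PC32: field = S + A - P, with the addend A read from the field itself
    (REL-style, as on i386), S the symbol address and P the address of the field."""
    (addend,) = struct.unpack_from("<i", code, reloc_off)
    value = (sym_value + addend - reloc_off) & 0xFFFFFFFF
    out = bytearray(code)
    struct.pack_into("<I", out, reloc_off, value)
    return bytes(out)

def unrelocated_target() -> int:
    # Field untouched by the linker: the stored addend is -4, so the jump resolves to
    # offset 7 + 5 - 4 = 8, i.e. the "jmp 8 <_longjmp_unwind+0x8>" objdump shows for the .o.
    return jmp_rel32_target(LONGJMP_UNWIND, JMP_OFFSET)

def relocated_target(sym_value: int) -> int:
    # After relocation the jump lands exactly on S (the -4 addend cancels the +4 of the
    # next-instruction rule). With S = 0 that is the "jmp 0x0" seen in the final binary.
    code = apply_r386_pc32(LONGJMP_UNWIND, RELOC_OFFSET, sym_value)
    return jmp_rel32_target(code, JMP_OFFSET)

if __name__ == "__main__":
    print("object file (unrelocated):", hex(unrelocated_target()))
    print("symbol value taken as 0:  ", hex(relocated_target(0)))
    print("constructed symbol 0x08049000:", hex(relocated_target(0x08049000)))
```

The arithmetic shows the two listings are the same instruction in two states: a field still holding its addend, and a field relocated against a symbol whose value was 0, so the "jmp 0x0" is the relocation doing its job on a bad input rather than a corrupted instruction.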
Comment 4 Vladimir Potapov 2012-11-30 03:58:31 MSK
1) The busybox is used as boot (.static only)
2) I'd like to get busybox on the abf for testing (with statically linked glibc). Is it possible?
Comment 5 Denis Silakov 2012-11-30 10:19:19 MSK
(In reply to comment #4)
> 1) The busybox is used as boot (.static only)
> 2) I'd like to get busybox on the abf for testing (with statically linked glibc). Is
> it possible?

I've rebuilt busybox with necessary settings in my personal repo. It passes the tests, indeed.

Note that only 32bit busybox has been built, 64bit one currently fails to build with glibc. On the other hand, 64bit busybox from ROSA 2012 LTS seems to pass your tests, so you likely can use that one if needed.
Comment 6 Eugene Shatokhin 2012-11-30 11:33:53 MSK
The problem is known to uClibc maintainers:
https://bugs.busybox.net/show_bug.cgi?id=3919

It seems, the problem is in GCC itself.

I will check if the workaround proposed by uClibc maintainers works.
Comment 7 Eugene Shatokhin 2012-11-30 12:11:22 MSK
Well, the workaround helps with that particular problem but unfortunately it may introduce other problems.

Until GCC is fixed (see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=32219), it is perhaps better to stick to the glibc-based variant of busybox.static.
Comment 8 Denis Silakov 2012-12-06 15:08:36 MSK
Advisory:

Some tools from busybox-static built with uClibc lead to segmentation faults on the 32bit platform.

Build lists:
- https://abf.rosalinux.ru/build_lists/852768
- https://abf.rosalinux.ru/build_lists/852767

Now 32bit version of busybox is built with glibc.
Comment 9 Vladimir Potapov 2012-12-07 09:59:36 MSK
busybox-1.20.2-1-rosa.lts2012.0
********************* Advisory **********************
Some tools from busybox-static built with uClibc lead to segmentation faults on the 32bit platform. Now the 32bit version of busybox is built with glibc.
*****************************************************
QA Verified